Trustwave Data Loss Prevention
Strengths: Solid performance and covers a variety of network DLP scenarios
Weaknesses: Interface feels unpolished. Each protection module is a separate licence and cost
Verdict: Overall a decent network DLP solution that suffers due to a slightly higher price
Trustwave Data Loss Prevention is actually a series of modules that help form an overall DLP solution that analyses content and performs a series of actions against it. The main components are software modules that are typically pre-loaded on Dell rack-mounted server hardware running Red Hat Linux v4. These are: Monitor, Protect-Email, Protect-Web and Discover.
As the names reveal, the modules help with passive network monitoring, SMTP or Exchange integration, web proxy via ICAP and a separate standalone module that can scan data at rest. However for the purposes of this review we did not test the Discover module.
Installation was very easy in our test environment. The solution itself can be implemented using a variety of configurations which are predicated upon performance and how distributed the environment will be.
Appliances are configured using various roles and can act as collectors or consoles. Collectors are placed at various network points and perform network analysis on the data flows. Consoles are where the aggregation, processing and reporting take place. All of the configuration types are driven by policies and workflows, which ultimately tell the solution what to look for and how to act on the particular finding.
Protect-Email can integrate with Microsoft Exchange or other SMTP architectures and helps scan email and attachments. Protect-Web integrates with a proxy using ICAP to scan text on the page, blog, webmail, etc.
Ultimately the device performs well and is able to detect, quarantine and block offensive data according to its rule base. Our only complaint is that the overall ease of use and operating within the various sections of the web-based interface is not as intuitive as we would have hoped.
The documentation on the appliance itself could be a bit more verbose. Although it helps with the basic tasks and outlines most of the tabs and configuration options, it is more of a dictionary of terms and high-level overview help file.
Basic email and phone support during normal business hours is available for 20 per cent of the purchase price and 24/7 is available for 25 per cent of the price.
The pricing of the solution varies from subscription to per user and is different for each protection module (monitoring, email, web). We were unable to verify an accurate pricing model, so you would need to contact the vendor for more information.